doubiaozhan0745 2014-10-30 16:07
浏览 24

输入消毒Laravel 4

I am using Laravel 4 to create a RESTful interface for my AngularJS app.

At the moment, I want to update an object. My model is called Discount Link The way I do this is:

    $data = Input::all();
    $affectedRows = DiscountLink::where('id', '=', $id)->update($data);

(Please imagine there are some kind of validation checks)

I get an error in my laravel.log:

General error: 1 no such column: $edit

Edit is a value that was passed to my server because it was added in by angular. I don't see the need to explicitly remove this in my JS so my question is:

How can I create some kind of whitelist of key-names that my model will pay attention to. That way, even if something get's passed in by accident, the REST call doesn't have to fail.

I guess there are arguments for sanitising in the JS but i will then pollute my code with many de-assignment statements which could become messy, especially when dealing with AngularJS:

delete discountLink.$edit;

Any suggestions?

  • 写回答

1条回答 默认 最新

  • dsn1327 2014-10-30 16:33
    关注
    $data = Input::all();
$discountLink = DiscountLink::find($id);
$discountLink->fill($data);
$discountLink->save();

    This method is working. But your fillable/guarded attribute must be set correct.

    UPDATE:

    New method:

    $data = Input::all();
$data['id'] = $id;
$genre = new Genre;
$genre->exists = true;
$genre->update($data);

    It's 1 query, as I know.

    评论

报告相同问题?

  • 消毒电话号码输入woocommerce php
    2017-09-25 08:07
    回答 1 已采纳 you may try something like this : add_action('woocommerce_checkout_process', 'phoneValidate'); f
  • 去提供可变消毒吗?
    2017-12-30 01:25
    回答 1 已采纳 You could write your own sanitizing methods and if it becomes something you'll be using more often
  • Wordpress消毒隐藏价值 html php
    2015-11-02 14:37
    回答 1 已采纳 based on the information given.. You deal with hidden fields exactly the same way as visible fiel
  • 最全CTF Web题思路总结(更新ing)
    2022-02-12 23:37
    yjprolus的博客 $array = array( array("pipe","r"), //标准输入 array("pipe","w"), //标准输出内容 array("pipe","w") //标准输出错误 ); $fp = proc_open($test,$array,$pipes); //打开一个进程通道 echo stream_get_contents($...
  • 我还应该用mysqli消毒输入吗? php
    2011-03-09 00:23
    回答 4 已采纳 No! No and no. If you are already using prepared statements, MySQL needs to see the value, not so
  • Phalcon形式消毒 php
    2014-08-28 21:04
    回答 1 已采纳 You can do anything you wish by implementing a custom filter and doing a proper conversion from ar
  • 用 PHP 消毒用户输入的最佳方法是什么? php sql xss
    2008-09-24 20:20
    回答 18 已采纳 It's a common misconception that user input can be filtered. PHP even has a (now deprecated) "feat
  • Go 相关的框架,库和软件的精选清单
    2020-07-03 09:37
    baobaodqh的博客 goConfig-将结构解析为输入,并使用命令行,环境变量和配置文件中的参数填充此结构的字段。 godotenv -Ruby的dotenv库的Go端口(从加载环境变量.env)。 gofigure Go应用程序的配置。 missing / jconf-模块化JSON...
  • 这个消毒是否有任何XSS泄漏 php xss
    2014-01-12 14:38
    回答 1 已采纳 From a security standpoint, there is no need to use your sanitize function as long as you escape /
  • 优化句子消毒剂的正则表达式 php
    2012-11-18 21:33
    回答 1 已采纳 Here is the answer to your first problem. The third-to-last replacement is the problem: $fixed =
  • 消毒数组 mysql php
    2011-07-17 21:13
    回答 1 已采纳 You could use array_map before your for loop. That function applies a callback to each value of th
  • 精选的 Go 框架,库和软件的精选清单
    2020-05-09 11:24
    思月行云的博客 goConfig- 将结构解析为输入,并使用命令行,环境变量和配置文件中的参数填充此结构的字段。 godotenv -Ruby 的 dotenv 库的 Go 端口(从加载环境变量.env)。 gofigure Go 应用程序的配置。 missing / jconf- ...
  • 从XSS消毒输出到Textarea css php xss
    2012-04-22 17:42
    回答 3 已采纳 I think i would prefer a combo of filter_var and url_decode if you want to use a pure simple php S
  • php 查询成绩_与专家讨论PHP: 成绩单
    2020-08-13 22:59
    culi3118的博客 Codeigniter, laravel, zend etc [20:35] @bobo this is more of a browser question :) but some strategies include processing the data on post and then forwarding the user to a results page [20:35] ...
  • 从php角度分析预防xss和Sql注入
    2019-05-08 15:05
    pigfu的博客 例如客户端如从 URL 中提取数据并在本地执行,如果用户在客户端输入的数据包含了恶意的 JavaScript 脚本,而这些脚本没有经过适当的过滤和消毒,那么应用程序就可能受到 DOM-based XSS 攻击。需要特别注意以下的用户...
  • PHP 面试知识点整理归纳
    2018-09-05 18:33
    php小学一年级生的博客 全文已整理补充完毕,以后还会继续更新文章里面的错误,以及补充尚不完善的问题。 ... lz也是初学者,以下知识点均为自己整理且保持不断更新,也希望各路大神多多指点,若发现错误或有补充,可直接comment,lz时刻关注...
  • 你或许不知道PHP的这些坑
    2018-06-12 10:01
    IT圈的博客 但是这样就带来一个问题,如果answers不是写死的,而是某个API的返回值,你并不确定它是不是会返回空的,它也没有义务帮你cast成object,因为JSON序列化是跟前端交互的事情,不应该放到后端service层面解决。...
  • Go框架,库和软件的精选列表
    2019-05-05 15:55
    思月行云的博客  - 将结构解析为输入,并使用命令行,环境变量和配置文件中的参数填充此结构的字段。 godotenv  - Ruby的dotenv库的端口(从中加载环境变量 .env )。 gofigure  -  简化 应用程序配置。 gone / jconf ...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 kafka 分区副本增加会导致消息丢失或者不可用吗?
  • ¥15 微信公众号自制会员卡没有收款渠道啊
  • ¥15 stable diffusion
  • ¥100 Jenkins自动化部署—悬赏100元
  • ¥15 关于#python#的问题:求帮写python代码
  • ¥20 MATLAB画图图形出现上下震荡的线条
  • ¥15 关于#windows#的问题:怎么用WIN 11系统的电脑 克隆WIN NT3.51-4.0系统的硬盘
  • ¥15 perl MISA分析p3_in脚本出错
  • ¥15 k8s部署jupyterlab,jupyterlab保存不了文件
  • ¥15 ubuntu虚拟机打包apk错误